Vulnerabilities > Improper Certificate Validation

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-02-09 | CVE-2018-6827 | Improper Certificate Validation vulnerability in Omninova Vobot Firmware | VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | network | high | omninova | CWE-295 | 8.1 |
| 2018-01-31 | CVE-2018-6374 | Improper Certificate Validation vulnerability in Pulsesecure Desktop Linux Client 5.2R9.2 | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. | network | low | pulsesecure | CWE-295 | 6.5 |
| 2018-01-31 | CVE-2017-15698 | Improper Certificate Validation vulnerability in multiple products | When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. | network | high | apache, debian | CWE-295 | 5.9 |
| 2018-01-26 | CVE-2017-1000396 | Improper Certificate Validation vulnerability in Jenkins | Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. | network | high | jenkins | CWE-295 | 5.9 |
| 2018-01-22 | CVE-2017-1000417 | Improper Certificate Validation vulnerability in Matrixssl 3.7.2 | MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. | network | low | matrixssl | CWE-295 | 5.3 |
| 2018-01-22 | CVE-2018-5761 | Improper Certificate Validation vulnerability in Rubrik CDM 3.0.0/4.0.0/4.0.4 | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. | network | high | rubrik | CWE-295 | 8.1 |
| 2018-01-19 | CVE-2017-6142 | Improper Certificate Validation vulnerability in F5 Big-Ip Advanced Firewall Manager | X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | network | high | f5 | CWE-295 | 4.8 |
| 2018-01-17 | CVE-2018-5258 | Improper Certificate Validation vulnerability in Banconeon Neon 1.6.14 | The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high | banconeon | CWE-295 | 5.9 |
| 2018-01-12 | CVE-2015-2981 | Improper Certificate Validation vulnerability in Yodobashi 1.2.1.0 | The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high | yodobashi | CWE-295 | 5.9 |
| 2018-01-10 | CVE-2018-0786 | Improper Certificate Validation vulnerability in Microsoft .Net Core, .Net Framework and Powershell Core | Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | network | low | microsoft | CWE-295 | 7.5 |